The system must limit the ability of processes to have simultaneous write and execute access to memory.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-38597 | RHEL-06-000079 | SV-50398r3_rule | Medium |
| Description |
|---|
| ExecShield uses the segmentation feature on all x86 systems to prevent execution in memory higher than a certain address. It writes an address as a limit in the code segment descriptor, to control where code can be executed, on a per-process basis. When the kernel places a process's memory regions such as the stack and heap higher than this address, the hardware prevents execution in that address range. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2019-09-25 |
Details
| Check Text ( C-46155r4_chk ) |
|---|
| The status of the "kernel.exec-shield" kernel parameter can be queried by running the following command: $ sysctl kernel.exec-shield kernel.exec-shield = 1 $ grep kernel.exec-shield /etc/sysctl.conf /etc/sysctl.d/* kernel.exec-shield = 1 If "kernel.exec-shield" is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "1", this is a finding. |
| Fix Text (F-43545r2_fix) |
|---|
| To set the runtime status of the "kernel.exec-shield" kernel parameter, run the following command: # sysctl -w kernel.exec-shield=1 Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" or a config file in the /etc/sysctl.d/ directory (or modify the line to have the required value): kernel.exec-shield = 1 Issue the following command to make the changes take effect: # sysctl --system |